Hi all,

I am trying to solve the FAQ 2 scenario with multiple ppp+ interfaces as well as a network which has access through the same gateway as the ppp+ as well as the regular local zone.
My ppp+ uses the network 10.251.255.0/24 and they come in through WAN interface vlan3005.
My regular local zone is 10.10.10.0/24 with local interface vlan200.
My second local network is 10.100.100.0/24.

The second local network is forwarded through several default gateways until it arrives at the firewall's interface vlan664 with IP 172.31.255.2/30.

All three of these networks exist in different routing tables, but I have rules and routes which make it possible for them to share one and the same external interface, vlan3003 1.2.3.4, which masquerades them all.

My regular network can access the outside interface exactly as described by FAQ 2. But regarding the ppp+ and second network I am a bit confused what to do. I tried the following.

The internal www service runs on 10.10.10.79/24; the firewall interface in that zone is 10.10.10.20/24.

    #ZONE   INTERFACE   BROADCAST       OPTIONS
    v3003   vlan3003    detect          routeback
    v3005   vlan3005    detect
    v200    vlan200     10.10.10.255
    v664    vlan664     172.31.255.3
    -       ppp+        -

/etc/shorewall/hosts

    l0001   ppp+:10.251.255.0/24

In /etc/shorewall/masq:

    #INTERFACE            SUBNET            ADDRESS       PROTO   PORT(S)
    vlan200:10.10.10.79   vlan664           10.10.10.20   tcp     www
    vlan200:10.10.10.79   10.251.255.0/24   10.10.10.20   tcp     www

In /etc/shorewall/rules:

    #ACTION   SOURCE   DEST               PROTO   DEST PORT   SOURCE   ORIGINAL
    #                                                         PORT     DEST.
    DNAT      v664     v200:10.10.10.79   tcp     80          -        1.2.3.4
    DNAT      l0001    v200:10.10.10.79   tcp     80          -        1.2.3.4

I'm really not sure how I have to set up especially the rules and masq files so that all hosts from l0001 and v664 (this is the zone for 10.100.100.0/24 as well). Is there someone out there who can help me with this?

Thanks a lot for comments on this.

Cheers
Mike

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
